Transcript E-Commerce4

Internet Security for
E-Commerce
Chapter 4
CIM3561
Internet Security for e-Commerce
1
Web-based Secure Mail





How emails are sent and received
Messaging security services
SMTP/MIME
SSL/TLS
PGP
2
How emails are sent



Simple Mail Transfer Protocol, SMTP
It is a relatively simple, text-based
protocol, where one or more
recipients of a message are specified
and then the message text is
transferred
SMTP is a "push" protocol that does
not allow one to "pull" messages
from a remote server on demand
3
How emails are sent

SMTP defines the message format
and the message transfer agent
(MTA), which stores and forwards the
mail. SMTP was originally designed
for only plain text (ASCII text), but
MIME and other encoding methods
enable executable programs and
multimedia files to be attached to
and transported with the e-mail
message.
4
How emails are received



Uses Post Office Protocol (POP)
Users retrieve e-mails when
connected and then to view and
manipulate the retrieved messages
without needing to stay connected
POP3 generally connect, retrieve all
messages, store them on the user's
PC as new messages, delete them
from the server, and then disconnect
5
How emails are received


Another protocol Internet Message
Access Protocol (IMAP)
IMAP generally leave messages on
the server until the user explicitly
deletes them. This and other facets
of IMAP operation allow multiple
clients to access the same mailbox
6
Email Security


One of the limitations of the original
SMTP is that it has no facility for
authentication of senders. Therefore
the SMTP-AUTH extension was
defined.
However, the impracticalities of
widespread SMTP-AUTH
implementation and management
means that E-mail spamming is not
and cannot be addressed by it.
7
Email security



E-mail clients can encrypt POP3 traffic using
TLS or SSL.
POP3 currently supports several
authentication methods to provide protection
against illegitimate access to a user's e-mail
such as APOP, which uses the MD5 hash
function in an attempt to avoid replay attacks
and disclosure of a shared secret.
Clients POP3 clients can also support SASL
authentication methods via the AUTH
extension.
8
Messaging security services




Message origin authentication
Content integrity
Content confidentiality
Non-repudiation of origin
9
SMTP/MIME



The basic Internet e-mail transmission
protocol, SMTP, supports only 7-bit ASCII
characters (see also 8BITMIME).
This effectively limits Internet e-mail to
messages which, when transmitted, include
only the characters sufficient for writing a
small number of languages, primarily English.
Other languages based on the Latin alphabet
typically include diacritics not supported in 7bit ASCII, meaning text in these languages
cannot be correctly represented in basic email.
10
MIME

Multipurpose Internet Mail
Extensions (MIME) is an Internet
Standard that extends the format of
e-mail to support:
• text in character sets other than USASCII;
• non-text attachments;
• multi-part message bodies; and
• header information in non-ASCII
character sets.
11
MIME

MIME (RFC 2045) defines a set of
methods for representing binary data
in ASCII text format, e.g. base64.
The content-transfer-encoding: MIME
header indicates the method that has
been used.
12
S/MIME


S/MIME was originally developed by
RSA Data Security Inc.
The original specification used the
recently developed IETF MIME
specification with the de facto
industry standard PKCS #7 secure
message format.
13
S/MIME

S/MIME provides the following
cryptographic security services for
electronic messaging applications:
• authentication
• message integrity
• non-repudiation of origin (using digital
signatures)
• privacy
• data security (using encryption).
14
Limitations of S/MIME



Not all e-mail software handles
S/MIME
S/MIME is not properly suited for use
via webmail clients.
S/MIME is tailored for end to end
security. Encryption will not only
encrypt your messages, but also
malware.
15
SSL/TLS




Secure Sockets Layer was created by
Netscape to ensure a secure session on
TCP/IP networks.
SSL uses a combination of certificates, digital
signatures, and cryptography (based on RSA).
The client initiates an SSL Web connection by
using a URL starting with https instead of http.
With SSL, the data flows back and forth
between the client and server using a secret
key algorithm. This technology is evolving
into Transport Layer Security (TLS).
16
SSL/TLS
SSL performs the following functions:
 It authenticates the server to the
client.
 Optionally, it authenticates the client
to the server.
 It creates an encrypted connection
between both machines.
17
SSL/TLS



The authentication of the server to
the client, and vice versa, happens
through the exchange of certificates.
The Certificate Authority that signed
the certificate can be a different CA
for the server than for the client.
They must be trusted by the client
and the server, respectively.
The browser has a certificate built-in
18
SSL/TLS
19
PGP

PGP Encryption (Pretty Good
Privacy) is a computer program that
provides cryptographic privacy and
authentication. It was originally
created by Philip Zimmermann in
1991.
20
PGP



PGP encryption uses public-key
cryptography and includes a system which
binds the public keys to user identities.
The first version of this system was
generally known as a web of trust to
contrast with the later-developed X.509
system which uses a hierarchical approach
based on certificate authority.
Current versions of PGP encryption include
both alternatives through an automated
management server.
21
PGP

PGP encryption applications now
include email and attachments,
digital signatures, laptop full disk
encryption, file and folder security,
protection for IM sessions, batch file
transfer encryption, and protection
for files and folders stored on
network servers
22
Advances in hardware



CPU
Hardware security module
Keylogger
23
Advances in CPU

LaGrande Technology Architecture
24
25
26
LT hardware enhancement
27
28
29
Next Generation Secure
Computing Base
30
Hardware security module


A Hardware Security Module (often
abbreviated to HSM, is a plug-in card or
external device for a general purpose
computer and may even be an embedded
system itself.
The job of the HSM is to securely generate
and/or store long term secrets for use in
cryptography and physically protect the
access to and use of those secrets over
time. Generally these are private keys
used in Public-key cryptography; some
HSMs also allow for hardware protection of
symmetric keys.
31
HSM from nCipher
32
Keylogging and Keylogger




Keystroke logging (often called keylogging) is a
method of capturing and recording user
keystrokes.
Keylogging can be useful to determine sources of
errors in computer systems, to study how users
interact with systems, and is sometimes used to
measure employee productivity on certain clerical
tasks.
Such systems are also highly useful for law
enforcement and espionage—for instance,
providing a means to obtain passwords or
encryption keys and thus bypassing other
security measures.
Keyloggers are widely available on the Internet.
33
Threats to security

Attacks on eCommerce sites
• Obtain customer information
• DOS
• Disfigure of web sites
34
Internet Security Issues






Access control
Packet filtering
Firewalls
Intrusion Prevention and Detection
VPN
Viruses and worms
35
Access control


Access control is the ability to permit or deny
the use of a particular resource by a
particular entity.
Access control mechanisms can be used in
managing physical resources (such as a
movie theater, to which only ticket holders
should be admitted), logical resources (a
bank account, with a limited number of
people authorized to make a withdrawal), or
digital resources (for example, a private text
document on a computer, which only certain
users should be able to read).
36
Firewall



A firewall is a combination of hardware
and software that sits in the entry point to
the company network (or the point where
a company network is connected to the
Internet).
It monitors the type of traffic that comes
into the company network, and it decides
whether a packet is allowed to enter.
All traffic (data packets) must be screened
by the firewall and only allows authorized
packets to gain entry into the network.
37
Firewall and the DMS
38
Components of Firewall




Packet filtering (also called screening
routers)
Application proxies
Circuit level gateways
Virtual private networking
39
Packet filtering



Screening routers can look at the packet IP
address (network layer) and the types of
connections (transport layer). Then they
provide filtering based on that information.
A screening router may be a stand-alone
routing device or a computer that contains
two network interface cards (dual-homed
system).
The router connects two networks and
performs packet filtering to control traffic
between the networks. Administrators
program the device with a set of rules that
define how packet filtering is done.
40
Intrusion Prevention and Detection

An intrusion prevention system (IPS) is a
computer security device that monitors network
and/or system activities for malicious or
unwanted behavior and can react, in real-time, to
block or prevent those activities. Network-based
IPS, for example, will operate in-line to monitor
all network traffic for malicious code or attacks.
When an attack is detected, it can drop the
offending packets while still allowing all other
traffic to pass. Intrusion prevention technology is
considered by some to be an extension of
intrusion detection (IDS) technology.
41
Intrusion Prevention and Detection




In Information Security, intrusion detection is the act of detecting actions
that attempt to compromise the confidentiality, integrity or availability of a
resource. Intrusion detection does not, in general, include prevention of
intrusions.
Intrusion detection can be performed manually or automatically. Manual
intrusion detection might take place by examining log files or other
evidence for signs of intrusions, including network traffic. A system that
performs automated intrusion detection is called an Intrusion Detection
System (IDS). An IDS can be either host-based, if it monitors system calls
or logs, or network-based if it monitors the flow of network packets.
Modern IDSs are usually a combination of these two approaches. Another
important distinction is between systems that identify patterns of traffic or
application data presumed to be malicious (misuse detection systems),
and systems that compare activities against a 'normal' baseline (anomaly
detection systems).
When a probable intrusion is discovered by an IDS, typical actions to
perform would be logging relevant information to a file or database,
generating an email alert, or generating a message to a pager or mobile
phone.
42
Intrusion prevention is an evolution of intrusion detection.
Application proxies



Proxy means to do something on
other people’s behalf
A client can only connect to the
Internet through a proxy, its IP
address is not revealed
The information on who uses the
Internet and the transfer details are
logged by the proxy user for further
analysis
43
Application Proxies
44
Application Proxy

Application-specific proxies require a
different one for each application (for
example, FTP and HTTP)
45
Circuit Level Gateways




Circuit-level gateways are a type of proxy
server that provides a controlled network
connection between internal and external
systems.
A virtual “circuit” exists between the internal
client and the proxy server. Internet requests
go through this circuit to the proxy server.
The proxy server delivers those requests to
the Internet after changing the IP address.
External users only see the IP address of the
proxy server. External systems never see the
internal systems.
46
VPN


Virtual Private Networking (VPN) is a
process by which organizations take
advantage of the public network
(Internet) to achieve connectivity for
their branches as well as their
remote users.
The security of this connection is
achieved by authentication and
encryption.
47
VPN

Deployed at 2 levels:
• Data Link layer VPN (Layer 2)
• Network layer VPN (Layer 3/IPSec)

Protocols used:
• Point to Point Tunneling Protocol (PPTP)
• Layer 2 Tunneling Protocol (L2TP)
• Layer 2 Forwarding (L2F)
48
VPN

The protocol that is used to establish
the network layer VPN is IPSec.
IPSec, in turn, has three component
protocols:
• Authentication Header (AH)
• Encapsulated security payload (ESP)
• Internet key exchange (IKE)
49
Firewall objectives



You want to only allow traffic to flow
that you have determined is safe and
in your interest.
You want to give away a minimum
of information about your private
network.
You want to track firewall activity
and be notified of suspicious behavior.
50
Firewall rules


Anything that is not explicitly
permitted should, by default, be
denied.
This means that when you set up
your firewall, you should be able to
state exactly what traffic you want to
pass through it. It should not be
possible for any other traffic to pass.
51
Firewall rules



You should keep outside users out of
your internal network wherever
possible.
Even if you are providing a legitimate
service for outsiders to use, you
should not trust them.
If possible, you should place such
services outside the firewall (possibly
within a DMZ), isolated from your
internal systems.
52
Firewall rules


You should do thorough auditing and
logging.
You should assume the worst: That
at some time, your systems will be
compromised by a hacker. At this
point, you need good logging
functions to allow you to detect the
hacker, retrace his movements, and
prevent further damage.
53
Security Architecture
54
Web Security
55
IPSec and VPN




IPSec
VPN (Virtual Private Network)
Security policy
Packet encryption protocol
56
Approaches for securing
eCommerce solutions




Packer filtering and application
proxies
Firewall and digital signature access
via DMZ
Using SET
Using VPN
57
Packer filtering and application
proxies
58
Firewall and digital signature
access via DMZ
59
Using SET
60
Using VPN
61
THE END
62